10
Robust Authentication Controls
- Exponential growth in credential theft attacks due to widely available tools
- Identify accounts most likely to be targeted
- Do not use single factor authentication

11
Secure Administrative Hosts
- Never administer a trusted system from an insecure host.
- Do not rely on single authentication
- Do not ignore physical security
- Even if the organization does not use smart cards, consider using them for privileged accounts

14
Planning for Compromise
- “It is generally well-accepted that if an attacker has obtained SYSTEM, Administrator, root, or equivalent access to a computer, regardless of operating system, that computer can no longer be considered trustworthy, no matter how many efforts are made to “clean” the system. Active Directory is no different.”
- Prevention is better than reaction